<?php
/**
 * Created by sunqiang.
 * User: sunqiang
 * Date: 14-11-4
 * Time: 下午2:05
 */

//权限
class ajax_permission {
    public function execute() {

        if (isset($_REQUEST['operFlg']) && is_numeric($_REQUEST['operFlg'])) {

            switch($_REQUEST['operFlg']) {

                case 1: //验证权限
                    $this->verifyPermissions();
                    break;

                case 2: //验证码验证
                    $this->yzmYz();
                    break;

                default:
                    returnJsonData('参数错误');
                    break;

            }

        } else {
            returnJsonData('参数错误');
        }

    }


    /*
     *验证权限
     * */
    private  function verifyPermissions()
    {

        if(empty($_REQUEST['userID'])){
            returnJsonData('用户名不能为空');
        }
        if(empty($_REQUEST['userPwd'])){
            returnJsonData('用户密码不能为空');
        }
        if(empty($_REQUEST['permissionsID']))
        {
            returnJsonData('权限号不能为空');
        }



        $userID = $_REQUEST['userID'];
        $userPwd = $_REQUEST['userPwd'];
        $permissionsID = $_REQUEST['permissionsID'];



        global $G_SHOP;

        quanli_require("module/base/system/sysUser.class.php");
        quanli_require("module/base/system/sysRole.class.php");

        //实例化后台用户类
        $sysUser = new sysUser($G_SHOP->DBCA);
        $sysRole = new sysRole($G_SHOP->DBCA);

        //查询验证后台用户
        $arg_array = array(
            'userID' => $userID
        );
        $user_array = $sysUser->searchUserInfo($arg_array);
        if (!$user_array) {
            returnJsonData('用户不存在');
        }
        if ($user_array[0]['userPwd'] != md5($userPwd)) {
            returnJsonData('密码错误');
        }

        //查询用户的角色
        $arg_array = array(
            'userID' => $userID
        );
        $user_userrole_array = $sysUser->searchUserRole($arg_array);

        if(!$user_userrole_array){
            returnJsonData('角色不存在');
        }

        $isP = 0;
        foreach ($user_userrole_array as &$role) {
            //查询角色下的权限
            $arg_array = array(
                'roleID' => $role
            );
            $user_rolepermission_array = $sysRole->searchRolePermission($arg_array);
            if(isset($user_rolepermission_array[$permissionsID]) && $user_rolepermission_array[$permissionsID] == 1){
                $isP++;
            }
        }

        if(!$isP){
            returnJsonData('没有权限');
        }
        returnJsonData('ok', 200);
    }

    /**
     * 验证码验证
     */
    private function yzmYz(){

        global $G_SHOP;

        if(!isset($_REQUEST['yzm']) || empty($_REQUEST['yzm'])){
            returnJsonData('验证码不能为空');
        }

        if(md5($_REQUEST['yzm']) != $G_SHOP->sessionCache_get('yzm')){
            returnJsonData('验证码错误');
            $G_SHOP->sessionCache_remove('yzm');
        }

        returnJsonData('ok', 200, $_REQUEST['yzm']);

    }

}